Posted: Sat 17 Sep 2011, 09:18
Post subject: How to get eduroam / wpa2 enterprise to work with ttls
Subject description: In Lucid Puppy 525
After some fidgeting I got this to work and would like to share it with you, for any others who might be struggling with this.
All these instructions work for Lucid Puppy 5.2.5. I have not tested them with other versions.
I am not a (Puppy) Linux expert at all. This guide came to be through much trial and error, with the emphasis on error. With this guide, I hope to save new users time by sharing what works for me.
You can ask questions if it doesn't work, but I can't promise you that I can help.
It is likely that this guide contains errors or superfluous instructions. Feel free to point them out, so I can optimise this guide and learn a thing or two at the same time! More advanced users can help us out by answering the questions located at the bottom of this post. Thanks!
eduroam (education roaming) is a secure international roaming service for users in Higher Education. [...] Participating institutions are typically universities and other research and educational organisations. eduroam allows a user belonging to one institution to get network access when visiting another institution. [...] The visiting user is authenticated using the same credentials (username and password) that they would at their home institution.
eduroam is basically a WPA2 enterprise network, encrypted with AES. It uses the TTLS protocol. This short guide should work for different protocols as well, however.
Step 1: preparation
The Network wizard GUI doesn't offer us the options needed for an AES/TTLS connection. In order to get eduroam to work, we need to make a custom *.config file for wpa_supplicant.
Open up Geany (or your favourite editor) and type:
anonymous_identity="1. Anonymous identity"
identity="2. Identity"
password="3. Password"
ca_cert="4. Path to certificate"
[Question for the advanced users, see below under 'Questions'!]
First, save this file to /etc/network-wizard/wireless/wpa_profiles as eduroam.conf.
As you can see, there are four things you have to fill out yourself.
1. Anonymous identity. Your institution should be able to tell you this. Mostly it's anonymous@<institution name>.<com/eu/etc.>.
2. Identity. Your login name. This is probably similar to what you use to login to the online environment of your institution (such as blackboard, email). If you don't know what you should enter here, ask your institution.
3. Password. This is the password associated with your identity.
4. Path to where your certificate is located. We'll deal with that now.
As far as I know, a certificate is not mandatory for eduroam to work, but it does make it safer. First, check with your institution if they have a certificate of their own (they should). If they don't, I have included the one from my institution below the instructions.
- Create a new directory in /etc called certificate.
- Copy and paste the certificate into a new file in your editor, and save it as certificate.der in /etc/certificate
This is the certificate my institution provided. I don't know whether it'll work for you, but you can always try:
In the eduroam.conf file, enter the path to the newly created certificate:
Save the config file, and exit.
Step 2: execution
Now you should be good to go. Make sure your wifi is turned on, that you're disconnected from any networks and that you're in an eduroam zone.
1. Start up a terminal window (Start button -> Utility -> Urxvt terminal emulator).
2. Enter the following line:
wpa_supplicant -Dwext -i eth0 -c /etc/network-wizard/wireless/wpa_profiles/eduroam.conf -B
- wpa_supplicant: the tool that we use to connect to the internet.
- -Dwext: this is the driver that wpa_supplicant uses for your wifi-adapter. '-D' determines the network driver to use. In this case, we're using the driver wext.
You might need to change this! If it doesn't work, you can try -Dmadwifi or -Dndiswrapper, which are two other drivers. If those don't work, look up your driver here (thanks tempestuous!): http://www.murga-linux.com/puppy/viewtopic.php?p=159336#159336
- -i eth0: here we specify the interface of the network adapter to use.
You might need to change this! The name of your network adapter can change on a per boot basis (it does for me). Check by entering the command iwconfig. This will list your network adapters. [Question for the advanced users, see below under 'Questions'!]
- -c /etc/network-wizard/wireless/wpa_profiles/eduroam.conf: here we tell wpa_supplicant where to find the correct config file to use. This is the file we created in step 1.
- -B: this will send the process to the background once it's running. Important: because wpa_supplicant is backgrounded, it won't output any errors it might encounter. Therefore, I recommend that you don't include it until you're sure it's running fine. First couple of times, try it without the -B option.
After you've executed that command, wpa_supplicant will start working. You're not connected to the internet yet, though. See step 3 below.
Wpa_supplicant might give you some errors (for instance, it tells me that the association with driver fails), but it should work. [Question for the advanced users, see below under 'Questions'!]
Look for the command that says that EAP authentication is successful. Wpa_supplicant should output somewhere between 15-30 lines of code. If it continues to try and authenticate/associate, something is wrong. Remember, you can force it to quit using Ctrl + C!
If you didn't include the -B option in the line, the ongoing process of wpa_supplicant will occupy this terminal window, making it unusable until the process is stopped. After executing this command, don't close this terminal window. Minimise it and leave it alone.
3. Now that we're associated with eduroam, we need to ask it for an IP-address. Open up a new terminal window and type:
This command will automatically acquire an IP-address, after which it will fork to the background. If it reports back that it's successful, you should now be able to SURF THE INTERNETS!
Questions
- Are the three lines at the beginning of the *.config files (preceded by the hash-sign) necessary?
- [SOLVED] Can I use the option '-B' to run wpa_supplicant in the background?
Yes. This post gave me the answer: http://www.murga-linux.com/puppy/viewtopic.php?p=216669#216669
- Why does wpa_supplicant give me the error that the association with the driver failed?
- Why does the interface name of my wifi-adapter and my ethernet adapter switch around? Sometimes eth0 is ethernet, and eth1 is wifi, while the next boot it can be the other way round!
I hope this helps you guys out. If there is any trouble, ask your questions here or on the forums. Good luck!
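The profile from Step 1 written out in full and then checked, as an added example that is not part of the original post. With TTLS the password travels inside a tunnel to whichever server answers, so the ca_cert check together with a server name constraint is what keeps it away from a rogue access point calling itself eduroam. The function names, phase2="auth=PAP" and the subject_match value are assumptions; use the inner method and server name your institution publishes.

```shell
#!/bin/sh
# Added example (not from the original post): eduroam profile for wpa_supplicant
# that validates the RADIUS server before sending credentials.

# write_eduroam_profile OUT ANON_ID IDENTITY PASSWORD CA_CERT SERVER_SUBJECT
write_eduroam_profile() {
    out=$1; anon=$2; id=$3; pass=$4; ca=$5; subj=$6
    # No readable CA or no expected server name: refuse, rather than write a
    # profile that would hand the password to any access point named "eduroam".
    [ -r "$ca" ] || { echo "CA certificate not readable: $ca" >&2; return 1; }
    [ -n "$subj" ] || { echo "expected server subject is empty" >&2; return 1; }
    # The file holds a plaintext password: owner-only, even if it already exists.
    ( umask 077; : > "$out" ) && chmod 600 "$out" || return 1
    # proto=RSN is WPA2 and pairwise=CCMP is AES, as the post describes.
    # phase2 is an assumption; subject_match is a substring of the server DN.
    cat >> "$out" <<EOF
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=TTLS
    anonymous_identity="$anon"
    identity="$id"
    password="$pass"
    ca_cert="$ca"
    subject_match="$subj"
    phase2="auth=PAP"
}
EOF
}

# audit_profile FILE: print one line per weakness, return 1 if any was found.
audit_profile() {
    f=$1; bad=0
    ca=$(sed -n 's/^[[:space:]]*ca_cert="\(.*\)"[[:space:]]*$/\1/p' "$f" | head -n 1)
    if [ -z "$ca" ]; then echo "no ca_cert: server is not verified"; bad=1
    elif [ ! -r "$ca" ]; then echo "ca_cert not readable: $ca"; bad=1; fi
    grep -Eq '^[[:space:]]*(subject_match|altsubject_match|domain_suffix_match)=' "$f" ||
        { echo "no server name constraint"; bad=1; }
    case $(ls -ld "$f") in
        ????------*) ;;
        *) echo "profile readable by group/other"; bad=1 ;;
    esac
    return $bad
}
```

The CA certificate has to be the one your own institution publishes; a certificate from another institution will not validate your home server. Newer wpa_supplicant releases also accept domain_suffix_match in place of subject_match.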